Nation falling short on IT security: survey

Most organizations in China have failed to meet ever-growing challenges to information security, even though they have taken some steps to improve the situation, an Ernst & Young survey has found.

The need for better information security has become quite urgent in China, especially after the exposure of the United States' program known as PRISM, a clandestine Internet and telecom surveillance system operated by the US National Security Agency.

Meanwhile, in early July, the National Business Daily, a Chinese newspaper, revealed that hackers could easily get access to confidential account information residing on major securities firms' systems, through certain software developed by Qihoo 360 Technology Co Ltd.

The EY survey covered 1,836 interviewees across 64 countries between May and July 2012.

Despite corporate security upgrades, the pace of external threats has picked up speed, the survey said. In 2009, 41 percent of respondents noticed an increase in external attacks. By 2011, that number had leaped to 72 percent, and it rose further to 77 percent in 2012.

New technologies have opened up tremendous opportunities for organizations but have also created potential threats.

Cloud computing is one of the main drivers of the business model innovation. Over the past two years, the number of organizations using cloud-computing services has doubled.

However, 38 percent of respondents to the survey indicated that their organizations have not taken measures to mitigate risks, such as not exercising stronger oversight over the contract management process for cloud-service providers nor using encryption techniques.

In the new area of social media, the survey found that it can quickly build an organization's brand and expand its presence, and it can just as quickly crush it.

Challenges include data security, privacy concerns, regulatory and compliance requirements and the impact on productivity.

However, about 63 percent of respondents indicated that their organizations have no formal security architecture framework in place, while only 16 percent of respondents claim their information security functions do meet their business needs.

Copyright 1995 - 2010 . All rights reserved. The content (including but not limited to text, photo, multimedia information, etc) published in this site belongs to China Daily Information Co (CDIC). Without written authorization from CDIC, such content shall not be republished or used in any form. Note: Browsers with 1024*768 or higher resolution are suggested for this site.